This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git
The following commit(s) were added to refs/heads/main by this push:
new 0bad57690 Fix potential memory leaks on error paths identified by
Copilot
0bad57690 is described below
commit 0bad57690ab4f095e47abdef22162cb6fb21087b
Author: Mark Thomas <[email protected]>
AuthorDate: Thu Mar 12 11:36:59 2026 +0000
Fix potential memory leaks on error paths identified by Copilot
SSL_CTX_add0_chain_cert only takes ownership on success so certs needs
to be freed on the failure path.
If realloc() fails, the original p_data pointer is lost
---
native/src/sslcontext.c | 14 +++++++++++---
xdocs/miscellaneous/changelog.xml | 4 ++++
2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c
index 332aca4fa..463540c27 100644
--- a/native/src/sslcontext.c
+++ b/native/src/sslcontext.c
@@ -1193,6 +1193,7 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext,
addChainCertificateRaw)(TCN_STDARGS, jl
} else if (SSL_CTX_add0_chain_cert(c->ctx, certs) <= 0) {
ERR_error_string_n(SSL_ERR_get(), err,
TCN_OPENSSL_ERROR_STRING_LENGTH);
tcn_Throw(e, "Error adding certificate to chain (%s)", err);
+ X509_free(certs);
rv = JNI_FALSE;
}
@@ -1431,14 +1432,21 @@ static int initProtocols(JNIEnv *e, const
tcn_ssl_ctxt_t *c, unsigned char **pro
// delimited by ','.
p_data_len += 1 + proto_chars_len;
if (p_data_len > p_data_size) {
+ // Find start of buffer
+ unsigned char *p_data_start = p_data - (p_data_len - (1 +
proto_chars_len));
+ unsigned char *p_data_tmp;
// double size
p_data_size <<= 1;
- p_data = realloc(p_data, p_data_size);
- if (p_data == NULL) {
- // Not enough memory?
+ p_data_tmp = realloc(p_data_start, p_data_size);
+ if (p_data_tmp == NULL) {
+ // Not enough memory? Free the original buffer.
+ free(p_data_start);
+ p_data = NULL;
(*e)->ReleaseStringUTFChars(e, proto_string, proto_chars);
break;
}
+ // Set position in buffer as realloc may have moved the buffer
+ p_data = p_data_tmp + (p_data_len - (1 + proto_chars_len));
}
// Write the length of the protocol and then increment before
memcpy the protocol itself.
*p_data = proto_chars_len;
diff --git a/xdocs/miscellaneous/changelog.xml
b/xdocs/miscellaneous/changelog.xml
index 87ff4027a..fb69471a2 100644
--- a/xdocs/miscellaneous/changelog.xml
+++ b/xdocs/miscellaneous/changelog.xml
@@ -37,6 +37,10 @@
Fix a memory leak when parsing certificates. Pull request <pr>44</pr>
provided by chenjp. (markt)
</fix>
+ <fix>
+ Fix two potential memory leaks on error paths identified by Copilot.
+ (markt)
+ </fix>
</changelog>
</section>
<section name="2.0.14" rtext="2026-03-10">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
